home ⫸ blog ⫸

█▓▒░ GDPR Notes ░▒▓█

Back when I started, not only the front-end developer, the back-end developer, the UX designer and the UI designer was the same person, we also didn’t have the concept of GDPR. The concept of GDPR specifically did not exist in 1998. GDPR was introduced in 2016 and fully enforced in 2018. However, data protection laws did exist before then. The EU had the Data Protection Directive (1995), which laid the groundwork for GDPR but was less strict and not directly enforceable across member states.
We must ensure that websites align with global data privacy regulations, which are becoming increasingly critical in today’s digital landscape.

Here’s a breakdown of the basic rules for each data privacy regulation:

GDPR (Europe)

• Requires explicit and informed consent before collecting personal data.
• Grants users the right to access, rectify, and erase their data (“right to be forgotten”).
• Requires businesses to provide clear privacy policies explaining data usage.
• Mandates data breach notifications within 72 hours.
• Enforces data minimization, ensuring only necessary data is collected.
• Restricts data transfers outside the EU unless safeguards are in place.

CCPA (California, USA)

• Gives consumers the right to know what personal data is collected and how it’s used.
• Allows users to opt out of the sale of their personal data.
• Provides the right to delete personal information upon request.
• Prohibits discrimination against users who exercise their privacy rights.
• Requires businesses to have a “Do Not Sell My Personal Information” link on their website.

LGPD (Brazil)

• Similar to GDPR, it requires clear and informed consent for data collection.
• Grants users the right to access, correct, delete, and transfer their data.
• Businesses must appoint a Data Protection Officer (DPO) to oversee compliance.
• Requires data breach notifications within a reasonable timeframe.
• Applies to any business handling Brazilian citizens’ data, regardless of location.

PIPEDA (Canada)

• Organizations must obtain valid consent before collecting personal data.
• Requires businesses to identify the purpose of data collection and limit its use.
• Grants individuals the right to access and correct their personal information.
• Mandates security safeguards to protect data from breaches.
• Requires data breach reporting if there’s a risk of significant harm.

Each of these regulations has unique rules, but they all emphasize transparency, user control, and data protection. – hence the banner at the bottom of this page!

░░ MICHELEBORN.COM